can not execute exe files to fix problems with my computer things getting worse, HELP

Discussion in 'Virus & Other Malware Removal' started by rencourt, May 4, 2010.

Thread Status:
Not open for further replies.
  1. rencourt

    rencourt Thread Starter

    Joined:
    May 4, 2010
    Messages:
    29
    This started suddenly. I had just worked on a Windows Movie Maker file for a friend's daughter for a school project and was using Nero to convert it to a DVD file. After the first attempt was unsuccessful, my computer was crashing and I rebooted. When I did, I could no longer open my Nero; I got the following error:
    "Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item."

    I soon found out I also got this when I tried to use WinZip or VLC media player.

    Who knows what else is affected. I have been searching for fixes, and found several threads here.

    I have already tried a system restore to earlier in the day before it occurred, as well as merging exefix.reg on another post's recommendation and following the instructions from http://support.microsoft.com/?kbid=308421. Still no luck.

    Everything works fine in safe mode and I AM the administrator of my system.

    I have a paid version of AVG. Ran virus checks, malware and spyware checks, nothing suspicious shows up.
    It has now affected more programs. I initially posted in software, but now I'm afraid it's malware or a hidden trojan, as more and more programs become affected. PLEASE HELP. I use my computer for my business with web design, photo editing and computer generated art.

    I have since tried to uninstall my AVG and reinstall, system restore, last working configuration. HELP

    I am now unable to use internet explorer or google chrome browsers, only firefox is working... Please someone save me!

    When I try to execute fix files, even in safe mode, I get this error:
    'system admin has set policies to prevent this install'

    Can someone please tell me what to check/change to work around this block so I can fix my computer?

    I'm out of ideas! Can anyone help?
     
  2. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    Try this fix: EXEFIX

    Save the .reg file to your desktop. Double-click it to merge it to the registry.

    Reboot.

    If the fix only opens as a text file, right-click it and select Open With > Choose Program... Then, select the Registry Editor.


    If the Registry Editor is not in the list, browse to C:\WINDOWS and select regedit

    Hope it helps!
     
  3. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    Then,

    Please click here to download and install version 2.0.2 of the HijackThis Installer.

    Run it and select Do a system scan and save a logfile.

    The log will be saved in Notepad. Copy and paste the log in your next post.

    Do not fix anything
     
  4. rencourt

    rencourt Thread Starter

    Joined:
    May 4, 2010
    Messages:
    29
    The registry fix was one of the first things I did; it didn't work.
    I am at work now. I will do the HijackThis when I get home.
    I hope it does not include an exe file, because if it does I'm sure I will get the same 'windows can not access.... stuff'

    I appreciate you trying to help me more than you know.

    I have had a post on MajorGeeks for 2 days; it has had 70+ readers and no replies!

    :)
     
  5. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    If you get something similar to this poster:

    Select the Registry Editor.
     
  6. rencourt

    rencourt Thread Starter

    Joined:
    May 4, 2010
    Messages:
    29
    No, sorry for the misunderstanding.
    I completed the merge registry... it just didn't solve the issue.

    I am going to try to complete the HijackThis and post the results when I get home.
    I'm leaving work in a few minutes. I will be home in about 30 min.
    However long it takes me to run the HijackThis (if my computer allows me to execute it, with the current problems I am having), I will post the results and await further instruction.

    Thanks again for your assistance!
    It is appreciated more than you know!
     
  7. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    If you can't run any .EXE files, I doubt you'll be able to run HijackThis. Nonetheless, try it if you can.
     
  8. rencourt

    rencourt Thread Starter

    Joined:
    May 4, 2010
    Messages:
    29
    When I try to run it in standard mode I get the same error I'm getting with most things at this point:
    "Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item."

    In the beginning it was just a few things like Nero, VLC, and Incredimail, and it is rapidly growing to affect most things on my computer.

    Some programs will work in safe mode, but exe files mostly are giving me this error:
    'system admin has set policies to prevent this install'

    This all started after I was helping my friend's daughter with a school movie project. The only thing that I can imagine could have started it: I downloaded a song from a file sharing network that I pay to be a member of (mp3 rocket). I have had it over 2 years and never had a problem.

    One of the songs was corrupt and I deleted it immediately, but it may have had a virus/bug.
    However, when I ran AVG (paid version), Malware and Spybot Search and Destroy, all came up completely clean.

    I will do a reboot now and try to run the HijackThis in safe mode. If it doesn't work, I will be back. In the meantime, do you have any ideas for me to check settings to figure out what is wrong in safe mode to be giving me that error when I am logged in as administrator?

    Thanks for your patience and help!
    I'll be back - off to safe mode!
     
  9. rencourt

    rencourt Thread Starter

    Joined:
    May 4, 2010
    Messages:
    29
    Success... can't believe it!
    I was able to install and run HijackThis as admin in safe mode.
    The following is the log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:28:43 PM, on 5/4/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://products.webroot.com/disp020...2C6-9AF8-E07BCD7D0FAA&kc=ppcftoqi^^aerproljkf
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O1 - Hosts: <html>
    O1 - Hosts: <head>
    O1 - Hosts: <title>cominstall-adobe-flash.com</title>
    O1 - Hosts: ChkRequestEnc('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');
    O1 - Hosts: </script>
    O1 - Hosts: {
    O1 - Hosts: tW.blur();
    O1 - Hosts: window.focus();
    O1 - Hosts: }
    O1 - Hosts: </script>
    O1 - Hosts: </head>
    O1 - Hosts: <noframes>
    O1 - Hosts: </body>
    O1 - Hosts: </noframes>
    O1 - Hosts: </frameset>
    O1 - Hosts: </html>
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SysTrayApp] "C:\Program Files\IDT\WDM\sttray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PhotoExplosionCalCheck] C:\Program Files\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Amazon Unbox.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O20 - Winlogon Notify: Csrss - C:\WINDOWS\SYSTEM32\csrss2.dll
    O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\ecsxpv_5902_012208\wdm\STacSV.exe
    O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 10355 bytes

    Additionally, upon reboot I got a couple of errors. One was from Microsoft framework. It said:
    An unhandled exception has occurred in a component in your application. Click continue and application will ignore this error and attempt to continue (invalid window class name). I clicked on details and there was a detailed log. I saved it, and can post it if needed. But I'll just let you deal with the HijackThis log for now.

    Thanks again for your time!

    R
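
A first-pass triage of a HijackThis log like the one above, as an added example that is not part of the original thread. It flags `O1 - Hosts:` entries that are not an IP address followed by a hostname, and entries that HijackThis reports as `(no file)`; the function names are hypothetical and the sample is a few lines taken from the log plus one valid mapping constructed for contrast.

```python
import ipaddress
import re

# Constructed sample: lines taken from the log in the post above, plus one
# valid hosts mapping (127.0.0.1 localhost) added here for contrast.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: <html>
O1 - Hosts: <title>cominstall-adobe-flash.com</title>
O1 - Hosts: window.focus();
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
"""

# A log entry is "<section code> - <body>", e.g. "O1 - Hosts: ..." or "R0 - ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")


def parse_entries(log_text):
    """Return (code, body) for every line that looks like a log entry."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def is_hosts_mapping(text):
    """True if text has the hosts-file form '<IP address> <hostname> ...'."""
    parts = text.split("#", 1)[0].split()  # drop any trailing comment
    if len(parts) < 2:
        return False
    try:
        ipaddress.ip_address(parts[0])
    except ValueError:
        return False
    return True


def triage(log_text):
    """Return (code, reason, detail) for entries worth a closer look."""
    findings = []
    for code, body in parse_entries(log_text):
        if code == "O1" and body.startswith("Hosts:"):
            value = body[len("Hosts:"):].strip()
            if not is_hosts_mapping(value):
                findings.append((code, "hosts line is not an IP/hostname mapping", value))
        elif body.endswith("(no file)"):
            findings.append((code, "HijackThis found no file for this entry", body))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code}: {reason}: {detail}")
```

A finding here only means the line deserves review by someone who reads these logs; it is not a verdict on any entry.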
     
  10. rencourt

    rencourt Thread Starter

    Joined:
    May 4, 2010
    Messages:
    29
    I see where it shows 'mywebstart' as my start/home page - it isn't. I have Incredimail, but I untoggle the mywebstart option. It did however put a search bar on my Firefox I don't know how to disable... it isn't in my programs list to uninstall.
     
  11. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    Your computer is obviously infected. Please click on Report and kindly ask to be moved to the Malware Removal & HijackThis Logs forum. From there, be patient. You should get an answer within the next 48 hours. These guys are really busy!
     
  12. rencourt

    rencourt Thread Starter

    Joined:
    May 4, 2010
    Messages:
    29
    Ok thanks, is it BAD? Once I'm fixed, will my programs work? Or is this something that is going to cause irreversible damage?
     
  13. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    I honestly don't know. A malware removal expert will be more suited to answer that.
     
  14. rencourt

    rencourt Thread Starter

    Joined:
    May 4, 2010
    Messages:
    29
    Should I keep my computer off while I wait? Will it continue to get worse if I don't?
    How did it get past all my malware, spyware and antivirus programs? CRAP!
    Will 48 hours cause more damage to occur? Now I'm freaked~
     
  15. rencourt

    rencourt Thread Starter

    Joined:
    May 4, 2010
    Messages:
    29
    How can you tell I'm infected? Did you see something suspicious?
     

Short URL to this thread: https://techguy.org/921055
